My experience with Pynt
Pynt is one of the tools that has recently generated a lot of interest in the testing community. After watching the video tutorial on their website, I decided to try the community version. First of all, the video tutorial was self-explanatory, and for users who have worked with Postman and Docker, running the tool is a cakewalk.
As a user, what we normally notice first is how user-friendly a tool is, and Pynt is ahead in this race. The instructions are self-explanatory, and anyone who is familiar with Postman and Docker can begin using it.
One area where organisations have recently increased their focus is security testing. Engineering or operations teams configure and run scans of development code and third-party libraries using tools like Veracode, but those scans work at the source-code level. Pynt, by contrast, generates API security tests automatically if we have a Postman API collection defined. It executes the tests and quickly returns the results. One of the strengths of Pynt is its ability to generate security tests from functional API tests and perform vulnerability checks on top of them. One thing is certain: as we define more and more functional API tests, the security coverage will increase, because the security tests are generated from the functional API tests we write.
Once the Pynt tests have been run, we can generate a report that is intuitive and self-explanatory and provides information about the test runs. Pynt offers documentation that is excellent for newcomers. In addition, there is a separate troubleshooting section that offers solutions to the problems (if we encounter any) while executing Pynt security tests. The information offered is beneficial and helps us debug the tests at a faster pace.
Last but not least, as we continue to discuss the shift-left methodology in testing, Pynt offers a way to integrate security tests into CI/CD pipelines, which enables development teams to identify problems before they reach the production environment. We can use GitHub Actions to run Pynt tests as part of this integration as soon as a pull request is submitted, and we can create rules internally to prevent a pull request from being merged if the code is prone to vulnerabilities.
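As an added illustration of that pull-request gate (this workflow is my own example, not code from the post or from Pynt), here is a GitHub Actions workflow that starts the API, runs the Postman collection through Pynt with the Newman runner, and publishes the report. It assumes the service starts with `npm start` on port 3000, that the collection and environment live under `./postman/`, and that the `pyntcli` package and the `pynt newman --collection/--environment` flags match Pynt's current documentation; confirm those against the docs before relying on it.

```yaml
# Added example, not Pynt's own workflow. Assumed: `npm start` serves the API
# on :3000, files under ./postman/, package name `pyntcli` and the
# `pynt newman --collection ... --environment ...` flags. Verify with the docs.
name: api-security-tests

on:
  pull_request:
    branches: [main]

jobs:
  pynt:
    runs-on: ubuntu-latest   # Pynt's engine runs in Docker, which this runner provides
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: 20

      - name: Start the API under test (assumed command and port)
        run: |
          npm ci
          npm start &
          # wait until the service answers before Newman/Pynt start hitting it
          for i in $(seq 1 30); do
            curl -fsS http://localhost:3000/health && break
            sleep 1
          done

      - name: Install the Pynt CLI (assumed package name)
        run: pip install pyntcli

      - name: Run the functional collection through Pynt to generate security tests
        # A non-zero exit marks this check as failed; assumed to happen when Pynt
        # reports findings (check the docs for the severity threshold option).
        run: |
          pynt newman \
            --collection postman/collection.json \
            --environment postman/env.json

      - name: Keep the Pynt report for reviewers
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: pynt-report
          path: pynt_results*   # assumed report file pattern; adjust to the actual output
```

To turn the failed check into a blocked merge, add a branch-protection rule on `main` that requires the `pynt` job to pass before a pull request can be merged.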
Some of the things I liked about Pynt after my exploration:
We can perform seamless testing with the Postman or Newman API test runner.
Seamless integration with CI/CD pipelines to get quicker feedback.
Faster execution.
If you are developing an application from scratch, Pynt can play a pivotal role in writing non-vulnerable code.
Pynt is smart enough to generate API security tests across the different APIs (including third-party ones) integrated in the code.
Overall, the tool looks promising, and I expect many more exciting features and integrations to work with in its upcoming releases.